Improper Access Validation in Red Lion Europe mbCONNECT24 and Helmholz myREX24 Products
CVE-2023-4834
4.3 MEDIUM
What is CVE-2023-4834?
A security vulnerability exists in Red Lion Europe mbCONNECT24 and Helmholz myREX24 products due to an improperly implemented access validation mechanism. This flaw permits an authenticated, low-privileged attacker to gain unauthorized read access to certain non-critical device information within their account. This exposure poses a risk of information leakage, enabling potentially harmful insights into device configurations or usage that should not be visible to an attacker with limited permissions. Users should evaluate their systems for these versions and consider implementing necessary patches to mitigate the risk.
Affected Version(s)
mbCONNECT24: all versions up to and including 2.14.2
mymbCONNECT24: all versions up to and including 2.14.2
myREX24: all versions up to and including 2.14.2
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
